Message-ID: <46F91AAD.9090801@trash.net>
Date: Tue, 25 Sep 2007 16:26:53 +0200
From: Patrick McHardy <kaber@...sh.net>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
CC: Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org,
"David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] Remove broken netfilter binary sysctls from bridging code

Eric W. Biederman wrote:
> Patrick McHardy <kaber@...sh.net> writes:
>
>>I seem to be missing something, the entire brnf_sysctl_call_tables
>>thing looks purely cosmetic to me, wouldn't it be better to simply
>>remove it?
>
>
> Well it is cosmetic in a user space visible way. Which means I don't
> have a clue which if any user space programs or scripts care if we change
> the behavior.
>
> I just looked in the git history and brnf_sysctl_call_tables has been
> that way since sysctl support was added to the bridge netfilter code.
>
> The only comment I can find about the addition is:
>
> 2003/12/24 19:32:34-08:00 bdschuym
> [BRIDGE]: Add 4 sysctl entries for bridge netfilter behavioral control:
> bridge-nf-call-arptables - pass or don't pass bridged ARP traffic to
> arptables' FORWARD chain.
> bridge-nf-call-iptables - pass or don't pass bridged IPv4 traffic to
> iptables' chains.
> bridge-nf-filter-vlan-tagged - pass or don't pass bridged vlan-tagged
> ARP/IP traffic to arptables/iptables.
>
> So since forcing the values to 0 or 1 doesn't seem hard to maintain
> I am uncomfortable with removing that check.
OK, let's keep it then. Fixing the race seems overkill to me though.